Electronic communication systems provide a convenient, cost-effective means for sharing and distributing information. However, the ease with which information can be made available can result in the inadvertent release of confidential and private information. The results of such inadvertent releases can be inconvenient, are often embarrassing for the sender, and can be costly, for example where valuable proprietary information of a company is released. With the increasing prevalence of malicious programs, releases of information through electronic communication systems can occur without direct user involvement.
In order to protect proprietary or private information, such information may bear a restrictive legend, such as “CONFIDENTIAL.” Such markings are intended to warn a viewer that unrestricted release of the information is to be avoided. However, a user may disregard or fail to see such legends when attaching the information to an email, or otherwise making an electronic version of the information available to another user. Unintentional releases of information can also be made if a user incorrectly addresses an electronic message containing proprietary information. For example, a user may select one or more addresses in addition to or instead of an intended address. As another example, a user may choose to send an electronic message to a mailing list that includes an unauthorized address that the sender is not aware of. For instance, an internal mailing list may contain an external address.
Another source of potentially harmful releases of information are malicious programs, such as Trojan horses and viruses. If such a malicious program loads itself onto a machine, it may direct that information stored on or available to that machine be sent to some other machine. This typically occurs in the background, without any overt indication of the activity being provided to the user.
Although programs exist to detect the large scale misuse of electronic communications, such as may be observed in connection with spamming operations, the responsibility for determining that content provided through a particular device or in association with a particular user is properly addressed and/or released is with the user. In particular, although Internet Service Providers (ISPs) and companies may monitor network traffic for unauthorized messages, such monitoring is not done in the context of looking at individual messages. Furthermore, even if a system for monitoring releases of information is in place, where the sender of a message has authority to send proprietary information, no additional check may be made.
Other programs for protecting against malicious programs are generally concerned with preventing a user from loading such programs onto their machine in the first place. Programs for rejecting spam messages only consider incoming messages. Accordingly, such programs do not provide protection against unintended releases of information.